aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort/snort_preprocessors.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort/snort_preprocessors.php')
-rwxr-xr-xconfig/snort/snort_preprocessors.php891
1 files changed, 754 insertions, 137 deletions
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index cf6146cf..e300621a 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -59,20 +59,41 @@ $pconfig = array();
if (isset($id) && $a_nat[$id]) {
$pconfig = $a_nat[$id];
- /* new options */
+ /* Get current values from config for page form fields */
$pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
$pconfig['server_flow_depth'] = $a_nat[$id]['server_flow_depth'];
$pconfig['http_server_profile'] = $a_nat[$id]['http_server_profile'];
$pconfig['client_flow_depth'] = $a_nat[$id]['client_flow_depth'];
+ $pconfig['stream5_reassembly'] = $a_nat[$id]['stream5_reassembly'];
+ $pconfig['stream5_require_3whs'] = $a_nat[$id]['stream5_require_3whs'];
+ $pconfig['stream5_track_tcp'] = $a_nat[$id]['stream5_track_tcp'];
+ $pconfig['stream5_track_udp'] = $a_nat[$id]['stream5_track_udp'];
+ $pconfig['stream5_track_icmp'] = $a_nat[$id]['stream5_track_icmp'];
$pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
$pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
+ $pconfig['stream5_overlap_limit'] = $a_nat[$id]['stream5_overlap_limit'];
+ $pconfig['stream5_policy'] = $a_nat[$id]['stream5_policy'];
$pconfig['stream5_mem_cap'] = $a_nat[$id]['stream5_mem_cap'];
+ $pconfig['stream5_tcp_timeout'] = $a_nat[$id]['stream5_tcp_timeout'];
+ $pconfig['stream5_udp_timeout'] = $a_nat[$id]['stream5_udp_timeout'];
+ $pconfig['stream5_icmp_timeout'] = $a_nat[$id]['stream5_icmp_timeout'];
+ $pconfig['stream5_no_reassemble_async'] = $a_nat[$id]['stream5_no_reassemble_async'];
+ $pconfig['stream5_dont_store_lg_pkts'] = $a_nat[$id]['stream5_dont_store_lg_pkts'];
$pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['http_inspect_memcap'] = $a_nat[$id]['http_inspect_memcap'];
+ $pconfig['http_inspect_enable_xff'] = $a_nat[$id]['http_inspect_enable_xff'];
+ $pconfig['http_inspect_log_uri'] = $a_nat[$id]['http_inspect_log_uri'];
+ $pconfig['http_inspect_log_hostname'] = $a_nat[$id]['http_inspect_log_hostname'];
$pconfig['noalert_http_inspect'] = $a_nat[$id]['noalert_http_inspect'];
$pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
$pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
$pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
$pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
+ $pconfig['pscan_protocol'] = $a_nat[$id]['pscan_protocol'];
+ $pconfig['pscan_type'] = $a_nat[$id]['pscan_type'];
+ $pconfig['pscan_sense_level'] = $a_nat[$id]['pscan_sense_level'];
+ $pconfig['pscan_memcap'] = $a_nat[$id]['pscan_memcap'];
+ $pconfig['pscan_ignore_scanners'] = $a_nat[$id]['pscan_ignore_scanners'];
$pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
$pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
$pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data'];
@@ -85,17 +106,24 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['gtp_preproc'] = $a_nat[$id]['gtp_preproc'];
$pconfig['preproc_auto_rule_disable'] = $a_nat[$id]['preproc_auto_rule_disable'];
$pconfig['protect_preproc_rules'] = $a_nat[$id]['protect_preproc_rules'];
+ $pconfig['frag3_detection'] = $a_nat[$id]['frag3_detection'];
+ $pconfig['frag3_overlap_limit'] = $a_nat[$id]['frag3_overlap_limit'];
+ $pconfig['frag3_min_frag_len'] = $a_nat[$id]['frag3_min_frag_len'];
+ $pconfig['frag3_policy'] = $a_nat[$id]['frag3_policy'];
+ $pconfig['frag3_max_frags'] = $a_nat[$id]['frag3_max_frags'];
+ $pconfig['frag3_memcap'] = $a_nat[$id]['frag3_memcap'];
+ $pconfig['frag3_timeout'] = $a_nat[$id]['frag3_timeout'];
/* If not using the Snort VRT rules, then disable */
/* the Sensitive Data (sdf) preprocessor. */
if ($vrt_enabled == "off")
$pconfig['sensitive_data'] = "off";
- /**********************************************************/
- /* To keep new users from shooting themselves in the foot */
- /* enable the most common and necessary preprocessors by */
- /* default. */
- /**********************************************************/
+ /************************************************************/
+ /* To keep new users from shooting themselves in the foot */
+ /* enable the most common required preprocessors by default */
+ /* and set reasonable values for any options. */
+ /************************************************************/
if (empty($pconfig['ftp_preprocessor']))
$pconfig['ftp_preprocessor'] = 'on';
if (empty($pconfig['smtp_preprocessor']))
@@ -114,29 +142,152 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['sip_preproc'] = 'on';
if (empty($pconfig['other_preprocs']))
$pconfig['other_preprocs'] = 'on';
+ if (empty($pconfig['http_inspect_memcap']))
+ $pconfig['http_inspect_memcap'] = "150994944";
+ if (empty($pconfig['frag3_overlap_limit']))
+ $pconfig['frag3_overlap_limit'] = '0';
+ if (empty($pconfig['frag3_min_frag_len']))
+ $pconfig['frag3_min_frag_len'] = '0';
+ if (empty($pconfig['frag3_max_frags']))
+ $pconfig['frag3_max_frags'] = '8192';
+ if (empty($pconfig['frag3_policy']))
+ $pconfig['frag3_policy'] = 'bsd';
+ if (empty($pconfig['frag3_memcap']))
+ $pconfig['frag3_memcap'] = '4194304';
+ if (empty($pconfig['frag3_timeout']))
+ $pconfig['frag3_timeout'] = '60';
+ if (empty($pconfig['frag3_detection']))
+ $pconfig['frag3_detection'] = 'on';
+ if (empty($pconfig['stream5_reassembly']))
+ $pconfig['stream5_reassembly'] = 'on';
+ if (empty($pconfig['stream5_track_tcp']))
+ $pconfig['stream5_track_tcp'] = 'on';
+ if (empty($pconfig['stream5_track_udp']))
+ $pconfig['stream5_track_udp'] = 'on';
+ if (empty($pconfig['stream5_track_icmp']))
+ $pconfig['stream5_track_icmp'] = 'off';
+ if (empty($pconfig['stream5_require_3whs']))
+ $pconfig['stream5_require_3whs'] = 'off';
+ if (empty($pconfig['stream5_overlap_limit']))
+ $pconfig['stream5_overlap_limit'] = '0';
+ if (empty($pconfig['stream5_tcp_timeout']))
+ $pconfig['stream5_tcp_timeout'] = '30';
+ if (empty($pconfig['stream5_udp_timeout']))
+ $pconfig['stream5_udp_timeout'] = '30';
+ if (empty($pconfig['stream5_icmp_timeout']))
+ $pconfig['stream5_icmp_timeout'] = '30';
+ if (empty($pconfig['stream5_no_reassemble_async']))
+ $pconfig['stream5_no_reassemble_async'] = 'off';
+ if (empty($pconfig['stream5_dont_store_lg_pkts']))
+ $pconfig['stream5_dont_store_lg_pkts'] = 'off';
+ if (empty($pconfig['stream5_policy']))
+ $pconfig['stream5_policy'] = 'bsd';
+ if (empty($pconfig['pscan_protocol']))
+ $pconfig['pscan_protocol'] = 'all';
+ if (empty($pconfig['pscan_type']))
+ $pconfig['pscan_type'] = 'all';
+ if (empty($pconfig['pscan_memcap']))
+ $pconfig['pscan_memcap'] = '10000000';
+ if (empty($pconfig['pscan_sense_level']))
+ $pconfig['pscan_sense_level'] = 'medium';
}
/* Define the "disabled_preproc_rules.log" file for this interface */
$iface = snort_get_friendly_interface($pconfig['interface']);
$disabled_rules_log = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log";
-if ($_POST) {
+if ($_POST['ResetAll']) {
+
+ /* Reset all the preprocessor settings to defaults */
+ $pconfig['perform_stat'] = "off";
+ $pconfig['server_flow_depth'] = "300";
+ $pconfig['http_server_profile'] = "all";
+ $pconfig['client_flow_depth'] = "300";
+ $pconfig['stream5_reassembly'] = "on";
+ $pconfig['stream5_require_3whs'] = "off";
+ $pconfig['stream5_track_tcp'] = "on";
+ $pconfig['stream5_track_udp'] = "on";
+ $pconfig['stream5_track_icmp'] = "off";
+ $pconfig['max_queued_bytes'] = "1048576";
+ $pconfig['max_queued_segs'] = "2621";
+ $pconfig['stream5_overlap_limit'] = "0";
+ $pconfig['stream5_policy'] = "bsd";
+ $pconfig['stream5_mem_cap'] = "8388608";
+ $pconfig['stream5_tcp_timeout'] = "30";
+ $pconfig['stream5_udp_timeout'] = "30";
+ $pconfig['stream5_icmp_timeout'] = "30";
+ $pconfig['stream5_no_reassemble_async'] = "off";
+ $pconfig['stream5_dont_store_lg_pkts'] = "off";
+ $pconfig['http_inspect'] = "on";
+ $pconfig['http_inspect_enable_xff'] = "off";
+ $pconfig['http_inspect_log_uri'] = "off";
+ $pconfig['http_inspect_log_hostname'] = "off";
+ $pconfig['noalert_http_inspect'] = "on";
+ $pconfig['http_inspect_memcap'] = "150994944";
+ $pconfig['other_preprocs'] = "on";
+ $pconfig['ftp_preprocessor'] = "on";
+ $pconfig['smtp_preprocessor'] = "on";
+ $pconfig['sf_portscan'] = "off";
+ $pconfig['pscan_protocol'] = "all";
+ $pconfig['pscan_type'] = "all";
+ $pconfig['pscan_sense_level'] = "medium";
+ $pconfig['pscan_ignore_scanners'] = "";
+ $pconfig['pscan_memcap'] = '10000000';
+ $pconfig['dce_rpc_2'] = "on";
+ $pconfig['dns_preprocessor'] = "on";
+ $pconfig['sensitive_data'] = "off";
+ $pconfig['ssl_preproc'] = "on";
+ $pconfig['pop_preproc'] = "on";
+ $pconfig['imap_preproc'] = "on";
+ $pconfig['sip_preproc'] = "on";
+ $pconfig['dnp3_preproc'] = "off";
+ $pconfig['modbus_preproc'] = "off";
+ $pconfig['gtp_preproc'] = "off";
+ $pconfig['preproc_auto_rule_disable'] = "off";
+ $pconfig['protect_preproc_rules'] = "off";
+ $pconfig['frag3_detection'] = "on";
+ $pconfig['frag3_overlap_limit'] = "0";
+ $pconfig['frag3_min_frag_len'] = "0";
+ $pconfig['frag3_policy'] = "bsd";
+ $pconfig['frag3_max_frags'] = "8192";
+ $pconfig['frag3_memcap'] = "4194304";
+ $pconfig['frag3_timeout'] = "60";
+
+ /* Log a message at the top of the page to inform the user */
+ $savemsg = "All preprocessor settings have been reset to the defaults.";
+}
+elseif ($_POST['Submit']) {
$natent = array();
$natent = $pconfig;
if ($_POST['pscan_ignore_scanners'] && !is_alias($_POST['pscan_ignore_scanners']))
- $input_errors[] = "Only aliases are allowed";
+ $input_errors[] = "Only aliases are allowed for the Portscan IGNORE_SCANNERS option.";
/* if no errors write to conf */
if (!$input_errors) {
/* post new options */
- if ($_POST['server_flow_depth'] != "") { $natent['server_flow_depth'] = $_POST['server_flow_depth']; }else{ $natent['server_flow_depth'] = ""; }
+ if ($_POST['server_flow_depth'] != "") { $natent['server_flow_depth'] = $_POST['server_flow_depth']; }else{ $natent['server_flow_depth'] = "300"; }
if ($_POST['http_server_profile'] != "") { $natent['http_server_profile'] = $_POST['http_server_profile']; }else{ $natent['http_server_profile'] = "all"; }
- if ($_POST['client_flow_depth'] != "") { $natent['client_flow_depth'] = $_POST['client_flow_depth']; }else{ $natent['client_flow_depth'] = ""; }
- if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; }
- if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; }
- if ($_POST['stream5_mem_cap'] != "") { $natent['stream5_mem_cap'] = $_POST['stream5_mem_cap']; }else{ $natent['stream5_mem_cap'] = ""; }
+ if ($_POST['client_flow_depth'] != "") { $natent['client_flow_depth'] = $_POST['client_flow_depth']; }else{ $natent['client_flow_depth'] = "300"; }
+ if ($_POST['http_inspect_memcap'] != "") { $natent['http_inspect_memcap'] = $_POST['http_inspect_memcap']; }else{ $natent['http_inspect_memcap'] = "150994944"; }
+ if ($_POST['stream5_overlap_limit'] != "") { $natent['stream5_overlap_limit'] = $_POST['stream5_overlap_limit']; }else{ $natent['stream5_overlap_limit'] = "0"; }
+ if ($_POST['stream5_policy'] != "") { $natent['stream5_policy'] = $_POST['stream5_policy']; }else{ $natent['stream5_policy'] = "bsd"; }
+ if ($_POST['stream5_mem_cap'] != "") { $natent['stream5_mem_cap'] = $_POST['stream5_mem_cap']; }else{ $natent['stream5_mem_cap'] = "8388608"; }
+ if ($_POST['stream5_tcp_timeout'] != "") { $natent['stream5_tcp_timeout'] = $_POST['stream5_tcp_timeout']; }else{ $natent['stream5_tcp_timeout'] = "30"; }
+ if ($_POST['stream5_udp_timeout'] != "") { $natent['stream5_udp_timeout'] = $_POST['stream5_udp_timeout']; }else{ $natent['stream5_udp_timeout'] = "30"; }
+ if ($_POST['stream5_icmp_timeout'] != "") { $natent['stream5_icmp_timeout'] = $_POST['stream5_icmp_timeout']; }else{ $natent['stream5_icmp_timeout'] = "30"; }
+ if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = "1048576"; }
+ if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = "2621"; }
+ if ($_POST['pscan_protocol'] != "") { $natent['pscan_protocol'] = $_POST['pscan_protocol']; }else{ $natent['pscan_protocol'] = "all"; }
+ if ($_POST['pscan_type'] != "") { $natent['pscan_type'] = $_POST['pscan_type']; }else{ $natent['pscan_type'] = "all"; }
+ if ($_POST['pscan_memcap'] != "") { $natent['pscan_memcap'] = $_POST['pscan_memcap']; }else{ $natent['pscan_memcap'] = "10000000"; }
if ($_POST['pscan_sense_level'] != "") { $natent['pscan_sense_level'] = $_POST['pscan_sense_level']; }else{ $natent['pscan_sense_level'] = "medium"; }
+ if ($_POST['frag3_overlap_limit'] != "") { $natent['frag3_overlap_limit'] = $_POST['frag3_overlap_limit']; }else{ $natent['frag3_overlap_limit'] = "0"; }
+ if ($_POST['frag3_min_frag_len'] != "") { $natent['frag3_min_frag_len'] = $_POST['frag3_min_frag_len']; }else{ $natent['frag3_min_frag_len'] = "0"; }
+ if ($_POST['frag3_policy'] != "") { $natent['frag3_policy'] = $_POST['frag3_policy']; }else{ $natent['frag3_policy'] = "bsd"; }
+ if ($_POST['frag3_max_frags'] != "") { $natent['frag3_max_frags'] = $_POST['frag3_max_frags']; }else{ $natent['frag3_max_frags'] = "8192"; }
+ if ($_POST['frag3_memcap'] != "") { $natent['frag3_memcap'] = $_POST['frag3_memcap']; }else{ $natent['frag3_memcap'] = "4194304"; }
+ if ($_POST['frag3_timeout'] != "") { $natent['frag3_timeout'] = $_POST['frag3_timeout']; }else{ $natent['frag3_timeout'] = "60"; }
if ($_POST['pscan_ignore_scanners'])
$natent['pscan_ignore_scanners'] = $_POST['pscan_ignore_scanners'];
@@ -145,6 +296,9 @@ if ($_POST) {
$natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off';
$natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off';
+ $natent['http_inspect_enable_xff'] = $_POST['http_inspect_enable_xff'] ? 'on' : 'off';
+ $natent['http_inspect_log_uri'] = $_POST['http_inspect_log_uri'] ? 'on' : 'off';
+ $natent['http_inspect_log_hostname'] = $_POST['http_inspect_log_hostname'] ? 'on' : 'off';
$natent['noalert_http_inspect'] = $_POST['noalert_http_inspect'] ? 'on' : 'off';
$natent['other_preprocs'] = $_POST['other_preprocs'] ? 'on' : 'off';
$natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? 'on' : 'off';
@@ -163,6 +317,14 @@ if ($_POST) {
$natent['gtp_preproc'] = $_POST['gtp_preproc'] ? 'on' : 'off';
$natent['preproc_auto_rule_disable'] = $_POST['preproc_auto_rule_disable'] ? 'on' : 'off';
$natent['protect_preproc_rules'] = $_POST['protect_preproc_rules'] ? 'on' : 'off';
+ $natent['frag3_detection'] = $_POST['frag3_detection'] ? 'on' : 'off';
+ $natent['stream5_reassembly'] = $_POST['stream5_reassembly'] ? 'on' : 'off';
+ $natent['stream5_track_tcp'] = $_POST['stream5_track_tcp'] ? 'on' : 'off';
+ $natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off';
+ $natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off';
+ $natent['stream5_require_3whs'] = $_POST['stream5_require_3whs'] ? 'on' : 'off';
+ $natent['stream5_no_reassemble_async'] = $_POST['stream5_no_reassemble_async'] ? 'on' : 'off';
+ $natent['stream5_dont_store_lg_pkts'] = $_POST['stream5_dont_store_lg_pkts'] ? 'on' : 'off';
/* If 'preproc_auto_rule_disable' is off, then clear log file */
if ($natent['preproc_auto_rule_disable'] == 'off')
@@ -201,10 +363,10 @@ if ($_POST) {
}
$if_friendly = snort_get_friendly_interface($pconfig['interface']);
-$pgtitle = "Snort: Interface {$if_real} Preprocessors and Flow";
+$pgtitle = "Snort: Interface {$if_friendly}: Preprocessors and Flow";
include_once("head.inc");
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="enable_change_all()">
<?php include("fbegin.inc"); ?>
<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
@@ -227,42 +389,36 @@ include_once("head.inc");
<script type="text/javascript" src="/javascript/suggestions.js">
</script>
-<script language="javascript" type="text/javascript">
-
-function wopen(url, name, w, h)
-{
-// Fudge factors for window decoration space.
-// In my tests these work well on all platforms & browsers.
-w += 32;
-h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-</script>
-
<form action="snort_preprocessors.php" method="post"
enctype="multipart/form-data" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array);
+ echo '</td></tr>';
+ echo '<tr><td>';
+ $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
$tab_array = array();
- $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array(gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array(gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
display_top_tabs($tab_array);
?>
</td></tr>
-<tr><td class="tabcont">
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
+<tr><td><div id="mainarea">
+<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td colspan="2" align="left" valign="middle">
<?php echo gettext("Rules may be dependent on preprocessors! Disabling preprocessors may result in "); ?>
@@ -275,24 +431,25 @@ h += 96;
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Preprocessors Configuration"); ?></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Performance Stats"); ?></td>
<td width="78%" class="vtable"><input name="perform_stat" type="checkbox" value="on"
- <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?>
- onClick="enable_change(false)"> <?php echo gettext("Collect Performance Statistics for this interface."); ?></td>
+ <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?>>
+ <?php echo gettext("Collect Performance Statistics for this interface."); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Protect Customized Preprocessor Rules"); ?></td>
<td width="78%" class="vtable"><input name="protect_preproc_rules" type="checkbox" value="on"
<?php if ($pconfig['protect_preproc_rules']=="on") echo "checked ";
- if ($vrt_enabled <> 'on') echo "disabled"; ?>
- onClick="enable_change(false)"> <?php echo gettext("Check this box if you maintain customized preprocessor text rules files for this interface."); ?>
+ if ($vrt_enabled <> 'on') echo "disabled"; ?>>
+ <?php echo gettext("Check this box if you maintain customized preprocessor text rules files for this interface."); ?>
<table width="100%" border="0" cellpadding="2" cellpadding="2">
<tr>
<td width="3%">&nbsp;</td>
<td><?php echo gettext("Enable this only if you use customized preprocessor text rules files and " .
"you do not want them overwritten by automatic Snort VRT rule updates. " .
"This option is disabled when Snort VRT rules download is not enabled on the Global Settings tab."); ?><br/><br/>
- <?php printf(gettext("%sHint:%s Most users should leave this unchecked."), '<span class="red"><strong>', '</strong></span>'); ?></span></td>
+ <?php echo "<span class=\"red\"><strong>" . gettext("Hint: ") . "</strong></span>" .
+ gettext("Most users should leave this unchecked."); ?></td>
</tr>
</table>
</td>
@@ -300,9 +457,9 @@ h += 96;
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Auto Rule Disable"); ?></td>
<td width="78%" class="vtable"><input name="preproc_auto_rule_disable" type="checkbox" value="on"
- <?php if ($pconfig['preproc_auto_rule_disable']=="on") echo "checked"; ?>
- onClick="enable_change(false)"> <?php echo gettext("Auto-disable text rules dependent on disabled preprocessors for this interface. ");
- echo gettext("Default is ") . '<strong>' . gettext("Not Checked."); ?></strong><br/>
+ <?php if ($pconfig['preproc_auto_rule_disable']=="on") echo "checked"; ?>>
+ <?php echo gettext("Auto-disable text rules dependent on disabled preprocessors for this interface. ");
+ echo gettext("Default is ") . '<strong>' . gettext("Not Checked"); ?></strong>.<br/>
<table width="100%" border="0" cellpadding="2" cellpadding="2">
<tr>
<td width="3%">&nbsp;</td>
@@ -329,11 +486,57 @@ h += 96;
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
<td width="78%" class="vtable"><input name="http_inspect"
- type="checkbox" value="on"
- <?php if ($pconfig['http_inspect']=="on" || empty($pconfig['http_inspect'])) echo "checked"; ?>
- onClick="enable_change(false)"> <?php echo gettext("Use HTTP Inspect to " .
+ type="checkbox" value="on" id="http_inspect" onclick="http_inspect_enable_change()"
+ <?php if ($pconfig['http_inspect']=="on" || empty($pconfig['http_inspect'])) echo "checked"; ?>>
+ <?php echo gettext("Use HTTP Inspect to " .
"Normalize/Decode and detect HTTP traffic and protocol anomalies. Default is "); ?>
- <strong><?php echo gettext("Checked."); ?></strong></td>
+ <strong><?php echo gettext("Checked"); ?></strong>.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable XFF/True-Client-IP"); ?></td>
+ <td width="78%" class="vtable"><input name="http_inspect_enable_xff"
+ type="checkbox" value="on" id="http_inspect_enable_xff"
+ <?php if ($pconfig['http_inspect_enable_xff']=="on") echo "checked"; ?>>
+ <?php echo gettext("Log original client IP present in X-Forwarded-For or True-Client-IP " .
+ "HTTP headers. Default is "); ?>
+ <strong><?php echo gettext("Not Checked"); ?></strong>.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable URI Logging"); ?></td>
+ <td width="78%" class="vtable"><input name="http_inspect_log_uri"
+ type="checkbox" value="on" id="http_inspect_log_uri"
+ <?php if ($pconfig['http_inspect_log_uri']=="on") echo "checked"; ?>>
+ <?php echo gettext("Parse URI data from the HTTP request and log it with other session data." .
+ " Default is "); ?>
+ <strong><?php echo gettext("Not Checked"); ?></strong>.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Hostname Logging"); ?></td>
+ <td width="78%" class="vtable"><input name="http_inspect_log_hostname"
+ type="checkbox" value="on" id="http_inspect_log_hostname"
+ <?php if ($pconfig['http_inspect_log_hostname']=="on") echo "checked"; ?>>
+ <?php echo gettext("Parse Hostname data from the HTTP request and log it with other session data." .
+ " Default is "); ?>
+ <strong><?php echo gettext("Not Checked"); ?></strong>.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("HTTP Inspect Memory Cap"); ?></td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="http_inspect_memcap" type="text" class="formfld"
+ id="http_inspect_memcap" size="6"
+ value="<?=htmlspecialchars($pconfig['http_inspect_memcap']);?>">&nbsp;&nbsp;
+ <?php echo gettext("Max memory in bytes to use for URI and Hostname logging. Min is ") .
+ "<strong>" . gettext("2304") . "</strong>" . gettext(" and Max is ") . "<strong>" .
+ gettext("603979776") . "</strong>" . gettext(" (576 MB)"); ?>.</td>
+ </tr>
+ </table>
+ <?php echo gettext("Maximum amount of memory the preprocessor will us for logging the URI and Hostname data. The default " .
+ "value is ") . "<strong>" . gettext("150,994,944") . "</strong>" . gettext(" (144 MB)."); ?>
+ <?php echo gettext(" This option determines the maximum HTTP sessions that will log URI and Hostname data at any given instant. ") .
+ gettext(" Max Logged Sessions = MEMCAP / 2304"); ?>.<br/>
+ </td>
</tr>
<tr>
<td valign="top" class="vncell"><?php echo gettext("HTTP server flow depth"); ?></td>
@@ -341,16 +544,16 @@ h += 96;
<table cellpadding="0" cellspacing="0">
<tr>
<td><input name="server_flow_depth" type="text" class="formfld"
- id="flow_depth" size="6"
+ id="server_flow_depth" size="6"
value="<?=htmlspecialchars($pconfig['server_flow_depth']);?>">&nbsp;&nbsp;<?php echo gettext("<strong>-1</strong> " .
"to <strong>65535</strong> (<strong>-1</strong> disables HTTP " .
"inspect, <strong>0</strong> enables all HTTP inspect)"); ?></td>
</tr>
</table>
<?php echo gettext("Amount of HTTP server response payload to inspect. Snort's " .
- "performance may increase by adjusting this value."); ?><br>
+ "performance may increase by adjusting this value."); ?><br/>
<?php echo gettext("Setting this value too low may cause false negatives. Values above 0 " .
- "are specified in bytes. Recommended setting is maximum (65535). Default value is <strong>300</strong>"); ?><br>
+ "are specified in bytes. Recommended setting is maximum (65535). Default value is <strong>300</strong>"); ?><br/>
</td>
</tr>
<tr>
@@ -364,10 +567,10 @@ h += 96;
<?php if (strtolower($val) == $pconfig['http_server_profile']) echo "selected"; ?>>
<?=gettext($val);?></option>
<?php endforeach; ?>
- </select>&nbsp;&nbsp;<?php echo gettext("Choose the profile type of the protected web server."); ?><br>
- <?php echo gettext(" The default is <strong>All</strong>. "); ?>
- <?php echo gettext("IIS_4.0 and IIS_5.0 are identical to IIS except they alert on the "); ?>
- <?php echo gettext("double decoding vulnerability present in those two versions."); ?><br>
+ </select>&nbsp;&nbsp;<?php echo gettext("Choose the profile type of the protected web server. The default is ") .
+ "<strong>" . gettext("All") . "</strong>"; ?><br/>
+ <?php echo gettext("IIS_4.0 and IIS_5.0 are identical to IIS except they alert on the ") .
+ gettext("double decoding vulnerability present in those versions."); ?><br/>
</td>
</tr>
<tr>
@@ -376,7 +579,7 @@ h += 96;
<table cellpadding="0" cellspacing="0">
<tr>
<td><input name="client_flow_depth" type="text" class="formfld"
- id="flow_depth" size="6"
+ id="client_flow_depth" size="6"
value="<?=htmlspecialchars($pconfig['client_flow_depth']);?>"> <?php echo gettext("<strong>-1</strong> " .
"to <strong>1460</strong> (<strong>-1</strong> disables HTTP " .
"inspect, <strong>0</strong> enables all HTTP inspect)"); ?></td>
@@ -385,22 +588,175 @@ h += 96;
<?php echo gettext("Amount of raw HTTP client request payload to inspect. Snort's " .
"performance may increase by adjusting this value."); ?><br>
<?php echo gettext("Setting this value too low may cause false negatives. Values above 0 " .
- "are specified in bytes. Recommended setting is maximum (1460). Default value is <strong>300</strong>"); ?><br>
+ "are specified in bytes. Recommended setting is maximum (1460). Default value is <strong>300</strong>"); ?><br/>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Disable HTTP Alerts"); ?></td>
<td width="78%" class="vtable"><input name="noalert_http_inspect"
- type="checkbox" value="on"
+ type="checkbox" value="on" id="noalert_http_inspect"
<?php if ($pconfig['noalert_http_inspect']=="on" || empty($pconfig['noalert_http_inspect'])) echo "checked"; ?>
onClick="enable_change(false)"> <?php echo gettext("Turn off alerts from HTTP Inspect " .
"preprocessor. This has no effect on HTTP rules. Default is "); ?>
- <strong><?php echo gettext("Checked."); ?></strong></td>
+ <strong><?php echo gettext("Checked"); ?></strong>.</td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Frag3 Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
+ <td width="78%" class="vtable"><input name="frag3_detection" type="checkbox" value="on" onclick="frag3_enable_change()"
+ <?php if ($pconfig['frag3_detection']=="on") echo "checked "; ?>
+ onClick="enable_change(false)">
+ <?php echo gettext("Use Frag3 Engine to detect IDS evasion attempts via target-based IP packet fragmentation. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="frag3_memcap" type="text" class="formfld"
+ id="frag3_memcap" size="6"
+ value="<?=htmlspecialchars($pconfig['frag3_memcap']);?>">
+ <?php echo gettext("Memory cap (in bytes) for self preservation."); ?>.</td>
+ </tr>
+ </table>
+ <?php echo gettext("The maximum amount of memory allocated for Frag3 fragment reassembly. Default value is ") .
+ "<strong>" . gettext("4MB") . "</strong>"; ?>.<br/>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Maximum Fragments"); ?></td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="frag3_max_frags" type="text" class="formfld"
+ id="frag3_max_frags" size="6"
+ value="<?=htmlspecialchars($pconfig['frag3_max_frags']);?>">
+ <?php echo gettext("Maximum simultaneous fragments to track."); ?></td>
+ </tr>
+ </table>
+ <?php echo gettext("The maximum number of simultaneous fragments to track. Default value is ") .
+ "<strong>8192</strong>."; ?><br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Overlap Limit"); ?></td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="frag3_overlap_limit" type="text" class="formfld"
+ id="frag3_overlap_limit" size="6"
+ value="<?=htmlspecialchars($pconfig['frag3_overlap_limit']);?>">
+ <?php echo gettext("Minimum is ") . "<strong>0</strong>" . gettext(" (unlimited), values greater than zero set the overlapped fragments per packet limit."); ?></td>
+ </tr>
+ </table>
+ <?php echo gettext("Sets the limit for the number of overlapping fragments allowed per packet. Default value is ") .
+ "<strong>0</strong>" . gettext(" (unlimited)."); ?><br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Minimum Fragment Length"); ?></td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="frag3_min_frag_len" type="text" class="formfld"
+ id="frag3_min_frag_len" size="6"
+ value="<?=htmlspecialchars($pconfig['frag3_min_frag_len']);?>">
+ <?php echo gettext("Minimum is ") . "<strong>0</strong>" . gettext(" (check is disabled). Fragments smaller than or equal to this limit are considered malicious."); ?></td>
+ </tr>
+ </table>
+ <?php echo gettext("Defines smallest fragment size (payload size) that should be considered valid. Default value is ") .
+ "<strong>0</strong>" . gettext(" (check is disabled)."); ?><br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Timeout"); ?></td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="frag3_timeout" type="text" class="formfld"
+ id="frag3_timeout" size="6"
+ value="<?=htmlspecialchars($pconfig['frag3_timeout']);?>">
+ <?php echo gettext("Timeout period in seconds for fragments in the engine."); ?></td>
+ </tr>
+ </table>
+ <?php echo gettext("Fragments in the engine for longer than this period will be automatically dropped. Default value is ") .
+ "<strong>" . gettext("60 ") . "</strong>" . gettext("seconds."); ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Target Policy"); ?> </td>
+ <td width="78%" class="vtable">
+ <select name="frag3_policy" class="formselect" id="frag3_policy">
+ <?php
+ $profile = array( 'BSD', 'BSD-Right', 'First', 'Last', 'Linux', 'Solaris', 'Windows' );
+ foreach ($profile as $val): ?>
+ <option value="<?=strtolower($val);?>"
+ <?php if (strtolower($val) == $pconfig['frag3_policy']) echo "selected"; ?>>
+ <?=gettext($val);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;&nbsp;<?php echo gettext("Choose the IP fragmentation target policy appropriate for the protected hosts. The default is ") .
+ "<strong>" . gettext("BSD") . "</strong>"; ?>.<br/>
+ <?php echo gettext("Available OS targets are BSD, BSD-Right, First, Last, Linux, Solaris and Windows."); ?><br/></td>
+ </td>
</tr>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Stream5 Settings"); ?></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
+ <td width="78%" class="vtable"><input name="stream5_reassembly" type="checkbox" value="on" onclick="stream5_enable_change()"
+ <?php if ($pconfig['stream5_reassembly']=="on") echo "checked "; ?>">
+ <?php echo gettext("Use Stream5 session reassembly for TCP, UDP and/or ICMP traffic. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Protocol Tracking"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="stream5_track_tcp" type="checkbox" value="on" id="stream5_track_tcp"
+ <?php if ($pconfig['stream5_track_tcp']=="on") echo "checked"; ?>>
+ <?php echo gettext("Track and reassemble TCP sessions. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>."; ?>
+ <br/>
+ <input name="stream5_track_udp" type="checkbox" value="on" id="stream5_track_udp"
+ <?php if ($pconfig['stream5_track_udp']=="on") echo "checked"; ?>>
+ <?php echo gettext("Track and reassemble UDP sessions. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>."; ?>
+ <br/>
+ <input name="stream5_track_icmp" type="checkbox" value="on" id="stream5_track_icmp"
+ <?php if ($pconfig['stream5_track_icmp']=="on") echo "checked"; ?>>
+ <?php echo gettext("Track and reassemble ICMP sessions. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Require 3-Way Handshake"); ?></td>
+ <td width="78%" class="vtable"><input name="stream5_require_3whs" type="checkbox" value="on"
+ <?php if ($pconfig['stream5_require_3whs']=="on") echo "checked "; ?>>
+ <?php echo gettext("Establish sessions only on completion of SYN/SYN-ACK/ACK handshake. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Do Not Reassemble Async"); ?></td>
+ <td width="78%" class="vtable"><input name="stream5_no_reassemble_async" type="checkbox" value="on"
+ <?php if ($pconfig['stream5_no_reassemble_async']=="on") echo "checked "; ?>>
+ <?php echo gettext("Do not queue packets for reassembly if traffic has not been seen in both directions. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Do Not Store Large TCP Packets"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="stream5_dont_store_lg_pkts" type="checkbox" value="on"
+ <?php if ($pconfig['stream5_dont_store_lg_pkts']=="on") echo "checked "; ?>>
+ <?php echo gettext("Do not queue large packets in reassembly buffer to increase performance. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/>
+ <?php echo "<span class=\"red\"><strong>" . gettext("Warning: ") . "</strong></span>" .
+ gettext("Enabing this option could result in missed packets. Recommended setting is not checked."); ?></td>
+ </tr>
+ <tr>
<td valign="top" class="vncell"><?php echo gettext("Max Queued Bytes"); ?></td>
<td class="vtable">
<table cellpadding="0" cellspacing="0">
@@ -410,11 +766,11 @@ h += 96;
value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>">
<?php echo gettext("Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> " .
"( default value is <strong>1048576</strong>, <strong>0</strong> " .
- "means Maximum )"); ?></td>
+ "means Maximum )"); ?>.</td>
</tr>
</table>
<?php echo gettext("The number of bytes to be queued for reassembly for TCP sessions in " .
- "memory. Default value is <strong>1048576</strong>"); ?><br>
+ "memory. Default value is <strong>1048576</strong>"); ?>.<br>
</td>
</tr>
<tr>
@@ -427,11 +783,11 @@ h += 96;
value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>">
<?php echo gettext("Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> " .
"( default value is <strong>2621</strong>, <strong>0</strong> means " .
- "Maximum )"); ?></td>
+ "Maximum )"); ?>.</td>
</tr>
</table>
<?php echo gettext("The number of segments to be queued for reassembly for TCP sessions " .
- "in memory. Default value is <strong>2621</strong>"); ?><br>
+ "in memory. Default value is <strong>2621</strong>"); ?>.<br>
</td>
</tr>
<tr>
@@ -443,25 +799,152 @@ h += 96;
id="stream5_mem_cap" size="6"
value="<?=htmlspecialchars($pconfig['stream5_mem_cap']);?>">
<?php echo gettext("Minimum is <strong>32768</strong>, Maximum is <strong>1073741824</strong> " .
- "( default value is <strong>8388608</strong>) "); ?></td>
+ "( default value is <strong>8388608</strong>) "); ?>.</td>
</tr>
</table>
<?php echo gettext("The memory cap in bytes for TCP packet storage " .
- "in RAM. Default value is <strong>8388608</strong> (8 MB)"); ?><br>
+ "in RAM. Default value is <strong>8388608</strong> (8 MB)"); ?>.<br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Overlap Limit"); ?></td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="stream5_overlap_limit" type="text" class="formfld"
+ id="stream5_overlap_limit" size="6"
+ value="<?=htmlspecialchars($pconfig['stream5_overlap_limit']);?>">
+ <?php echo gettext("Minimum is ") . "<strong>0</strong>" . gettext(" (unlimited), and the maximum is ") .
+ "<strong>255</strong>."; ?></td>
+ </tr>
+ </table>
+ <?php echo gettext("Sets the limit for the number of overlapping fragments allowed per packet. Default value is ") .
+ "<strong>0</strong>" . gettext(" (unlimited)."); ?><br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("TCP Session Timeout"); ?></td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="stream5_tcp_timeout" type="text" class="formfld"
+ id="stream5_tcp_timeout" size="6"
+ value="<?=htmlspecialchars($pconfig['stream5_tcp_timeout']);?>">
+ <?php echo gettext("TCP Session timeout in seconds. Minimum is ") . "<strong>1</strong>" . gettext(" and the maximum is ") .
+ "<strong>86400</strong>" . gettext(" (approximately 1 day)"); ?>.</td>
+ </tr>
+ </table>
+ <?php echo gettext("Sets the session reassembly timeout period for TCP packets. Default value is ") .
+ "<strong>30</strong>" . gettext(" seconds."); ?><br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("UDP Session Timeout"); ?></td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="stream5_udp_timeout" type="text" class="formfld"
+ id="stream5_udp_timeout" size="6"
+ value="<?=htmlspecialchars($pconfig['stream5_udp_timeout']);?>">
+ <?php echo gettext("UDP Session timeout in seconds. Minimum is ") . "<strong>1</strong>" . gettext(" and the maximum is ") .
+ "<strong>86400</strong>" . gettext(" (approximately 1 day)"); ?>.</td>
+ </tr>
+ </table>
+ <?php echo gettext("Sets the session reassembly timeout period for UDP packets. Default value is ") .
+ "<strong>30</strong>" . gettext(" seconds."); ?><br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("ICMP Session Timeout"); ?></td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="stream5_icmp_timeout" type="text" class="formfld"
+ id="stream5_icmp_timeout" size="6"
+ value="<?=htmlspecialchars($pconfig['stream5_icmp_timeout']);?>">
+ <?php echo gettext("ICMP Session timeout in seconds. Minimum is ") . "<strong>1</strong>" . gettext(" and the maximum is ") .
+ "<strong>86400</strong>" . gettext(" (approximately 1 day)"); ?>.</td>
+ </tr>
+ </table>
+ <?php echo gettext("Sets the session reassembly timeout period for ICMP packets. Default value is ") .
+ "<strong>30</strong>" . gettext(" seconds."); ?><br>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("IP Target Policy"); ?> </td>
+ <td width="78%" class="vtable">
+ <select name="stream5_policy" class="formselect" id="stream5_policy">
+ <?php
+ $profile = array( 'BSD', 'First', 'HPUX', 'HPUX10', 'Irix', 'Last', 'Linux', 'MacOS', 'Old-Linux',
+ 'Solaris', 'Vista', 'Windows', 'Win2003' );
+ foreach ($profile as $val): ?>
+ <option value="<?=strtolower($val);?>"
+ <?php if (strtolower($val) == $pconfig['stream5_policy']) echo "selected"; ?>>
+ <?=gettext($val);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;&nbsp;<?php echo gettext("Choose the TCP reassembly target policy appropriate for the protected hosts. The default is ") .
+ "<strong>" . gettext("BSD") . "</strong>"; ?>.<br/>
+ <?php echo gettext("Available OS targets are BSD, First, HPUX, HPUX10, Irix, Last, Linux, MacOS, Old Linux, Solaris, Vista, Windows, and Win2003 Server."); ?><br/></td>
</td>
</tr>
-
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Portscan Settings"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
<?php echo gettext("Portscan Detection"); ?></td>
- <td width="78%" class="vtable"><input name="sf_portscan"
- type="checkbox" value="on"
- <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- <?php echo gettext("Detects various types of portscans and portsweeps."); ?></td>
+ <td width="78%" class="vtable"><input name="sf_portscan" onclick="sf_portscan_enable_change()"
+ type="checkbox" value="on" id="sf_portscan"
+ <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?>>
+ <?php echo gettext("Use Portscan Detection to detect various types of port scans and sweeps. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Protocol"); ?> </td>
+ <td width="78%" class="vtable">
+ <select name="pscan_protocol" class="formselect" id="pscan_protocol">
+ <?php
+ $protos = array('all', 'tcp', 'udp', 'icmp', 'ip');
+ foreach ($protos as $val): ?>
+ <option value="<?=$val;?>"
+ <?php if ($val == $pconfig['pscan_protocol']) echo "selected"; ?>>
+ <?=gettext($val);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;&nbsp;<?php echo gettext("Choose the Portscan protocol type to alert for (all, tcp, udp, icmp or ip). Default is ") .
+ "<strong>" . gettext("all") . "</strong>."; ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Scan Type"); ?> </td>
+ <td width="78%" class="vtable">
+ <select name="pscan_type" class="formselect" id="pscan_type">
+ <?php
+ $protos = array('all', 'portscan', 'portsweep', 'decoy_portscan', 'distributed_portscan');
+ foreach ($protos as $val): ?>
+ <option value="<?=$val;?>"
+ <?php if ($val == $pconfig['pscan_type']) echo "selected"; ?>>
+ <?=gettext($val);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;&nbsp;<?php echo gettext("Choose the Portscan scan type to alert for. Default is ") .
+ "<strong>" . gettext("all") . "</strong>."; ?><br/>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td><?php echo gettext("PORTSCAN: one->one scan; one host scans multiple ports on another host."); ?></td>
+ </tr>
+ <tr>
+ <td><?php echo gettext("PORTSWEEP: one->many scan; one host scans a single port on multiple hosts."); ?></td>
+ </tr>
+ <tr>
+ <td><?php echo gettext("DECOY_PORTSCAN: one->one scan; attacker has spoofed source address inter-mixed with real scanning address."); ?></td>
+ </tr>
+ <tr>
+ <td><?php echo gettext("DISTRIBUTED_PORTSCAN: many->one scan; multiple hosts query one host for open services."); ?></td>
+ </tr>
+ <tr>
+ <td><?php echo gettext("ALL: alerts for all of the above scan types."); ?></td>
+ </tr>
+ </table>
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Sensitivity"); ?> </td>
@@ -474,22 +957,51 @@ h += 96;
<?php if ($val == $pconfig['pscan_sense_level']) echo "selected"; ?>>
<?=gettext(ucfirst($val));?></option>
<?php endforeach; ?>
- </select><br>
- <?php echo gettext("LOW: alerts generated on error packets from the target host; "); ?>
- <?php echo gettext("this setting should see few false positives. "); ?><br>
- <?php echo gettext("MEDIUM: tracks connection counts, so will generate filtered alerts; may "); ?>
- <?php echo gettext("false positive on active hosts."); ?><br>
- <?php echo gettext("HIGH: tracks hosts using a time window; will catch some slow scans, but is "); ?>
- <?php echo gettext("very sensitive to active hosts."); ?><br/>
+ </select>&nbsp;&nbsp;<?php echo gettext("Choose the Portscan sensitivity level (Low, Medium, High). Default is ") .
+ "<strong>" . gettext("Medium") . "</strong>."; ?><br/>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td><?php echo gettext("LOW: alerts generated on error packets from the target host; "); ?>
+ <?php echo gettext("this setting should see few false positives. "); ?></td>
+ </tr>
+ <tr>
+ <td><?php echo gettext("MEDIUM: tracks connection counts, so will generate filtered alerts; may "); ?>
+ <?php echo gettext("false positive on active hosts."); ?></td>
+ </tr>
+ <tr>
+ <td><?php echo gettext("HIGH: tracks hosts using a time window; will catch some slow scans, but is "); ?>
+ <?php echo gettext("very sensitive to active hosts."); ?></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="pscan_memcap" type="text" class="formfld"
+ id="pscan_memcap" size="6"
+ value="<?=htmlspecialchars($pconfig['pscan_memcap']);?>">
+ <?php echo gettext("Maximum memory in bytes to allocate for portscan detection. ") .
+ gettext("Default is ") . "<strong>" . gettext("10000000") . "</strong>" .
+ gettext(" (10 MB)"); ?>.</td>
+ </tr>
+ </table>
+ <?php echo gettext("The maximum number of bytes to allocate for portscan detection. The higher this number, ") .
+ gettext("the more nodes that can be tracked. Default is ") .
+ "<strong>10,000,000</strong>" . gettext(" bytes. (10 MB)"); ?><br>
</td>
</tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Ignore Scanners"); ?> </td>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Ignore Scanners"); ?></td>
<td width="78%" class="vtable">
<input name="pscan_ignore_scanners" type="text" size="40" autocomplete="off" class="formfldalias" id="pscan_ignore_scanners"
- value="<?=$pconfig['pscan_ignore_scanners'];?>"> <br><?php echo gettext("Ignores the specified entity as a source of scan alerts. Entity must be a defined alias.");?><br>
- <?php echo gettext("Default value: \$HOME_NET."); ?><?php echo gettext(" Leave " .
- "blank for default value."); ?>
+ value="<?=$pconfig['pscan_ignore_scanners'];?>">&nbsp;&nbsp;<?php echo gettext("Leave blank for default. ") .
+ gettext("Default value is ") . "<strong>" . gettext("\$HOME_NET") . "</strong>"; ?>.<br/>
+ <?php echo gettext("Ignores the specified entity as a source of scan alerts. Entity must be a defined alias."); ?><br/>
</td>
+ </tr>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Preprocessor Settings"); ?></td>
</tr>
@@ -498,78 +1010,70 @@ h += 96;
<?php echo gettext("RPC Decode and Back Orifice detector"); ?></td>
<td width="78%" class="vtable"><input name="other_preprocs"
type="checkbox" value="on"
- <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
+ <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>>
<?php echo gettext("Normalize/Decode RPC traffic and detects Back Orifice traffic on the network. Default is ") .
- "<strong>" . gettext("Checked") . "</strong>"; ?></td>
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
<?php echo gettext("FTP and Telnet Normalizer"); ?></td>
<td width="78%" class="vtable"><input name="ftp_preprocessor"
type="checkbox" value="on"
- <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
+ <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?>>
<?php echo gettext("Normalize/Decode FTP and Telnet traffic and protocol anomalies. Default is ") .
- "<strong>" . gettext("Checked") . "</strong>"; ?></td>
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
<?php echo gettext("POP Normalizer"); ?></td>
<td width="78%" class="vtable"><input name="pop_preproc"
type="checkbox" value="on"
- <?php if ($pconfig['pop_preproc']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
+ <?php if ($pconfig['pop_preproc']=="on") echo "checked"; ?>>
<?php echo gettext("Normalize/Decode POP protocol for enforcement and buffer overflows. Default is ") .
- "<strong>" . gettext("Checked") . "</strong>"; ?></td>
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
<?php echo gettext("IMAP Normalizer"); ?></td>
<td width="78%" class="vtable"><input name="imap_preproc"
type="checkbox" value="on"
- <?php if ($pconfig['imap_preproc']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
+ <?php if ($pconfig['imap_preproc']=="on") echo "checked"; ?>>
<?php echo gettext("Normalize/Decode IMAP protocol for enforcement and buffer overflows. Default is ") .
- "<strong>" . gettext("Checked") . "</strong>"; ?></td>
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
<?php echo gettext("SMTP Normalizer"); ?></td>
<td width="78%" class="vtable"><input name="smtp_preprocessor"
type="checkbox" value="on"
- <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
+ <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?>>
<?php echo gettext("Normalize/Decode SMTP protocol for enforcement and buffer overflows. Default is ") .
- "<strong>" . gettext("Checked") . "</strong>"; ?></td>
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
<?php echo gettext("DCE/RPC2 Detection"); ?></td>
<td width="78%" class="vtable"><input name="dce_rpc_2"
type="checkbox" value="on"
- <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
+ <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>>
<?php echo gettext("The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic. Default is ") .
- "<strong>" . gettext("Checked") . "</strong>"; ?></td>
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
<?php echo gettext("SIP Detection"); ?></td>
<td width="78%" class="vtable"><input name="sip_preproc"
type="checkbox" value="on"
- <?php if ($pconfig['sip_preproc']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
+ <?php if ($pconfig['sip_preproc']=="on") echo "checked"; ?>>
<?php echo gettext("The SIP preprocessor decodes SIP traffic and detects some vulnerabilities. Default is ") .
- "<strong>" . gettext("Checked") . "</strong>"; ?></td>
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
<?php echo gettext("GTP Detection"); ?></td>
<td width="78%" class="vtable"><input name="gtp_preproc"
type="checkbox" value="on"
- <?php if ($pconfig['gtp_preproc']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
+ <?php if ($pconfig['gtp_preproc']=="on") echo "checked"; ?>>
<?php echo gettext("The GTP preprocessor decodes GPRS Tunneling Protocol traffic and detects intrusion attempts."); ?></td>
</tr>
<tr>
@@ -577,20 +1081,17 @@ h += 96;
<?php echo gettext("DNS Detection"); ?></td>
<td width="78%" class="vtable"><input name="dns_preprocessor"
type="checkbox" value="on"
- <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- <?php echo gettext("The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities. Default is ") .
- "<strong>" . gettext("Checked") . "</strong>"; ?></td>
+ <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>>
+ <?php echo gettext("The DNS preprocessor decodes DNS Response traffic and detects vulnerabilities. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> <?php echo gettext("SSL Data"); ?></td>
<td width="78%" class="vtable">
<input name="ssl_preproc" type="checkbox" value="on"
- <?php if ($pconfig['ssl_preproc']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
+ <?php if ($pconfig['ssl_preproc']=="on") echo "checked"; ?>>
<?php echo gettext("SSL data searches for irregularities during SSL protocol exchange. Default is ") .
- "<strong>" . gettext("Checked") . "</strong>"; ?>
- </td>
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> <?php echo gettext("Sensitive Data"); ?></td>
@@ -600,9 +1101,9 @@ h += 96;
echo "checked";
elseif ($vrt_enabled == "off")
echo "disabled";
- ?>
- onClick="enable_change(false)"><br>
- <?php echo gettext("Sensitive data searches for credit card or Social Security numbers and e-mail addresses in data."); ?><br/>
+ ?>>
+ <?php echo gettext("Sensitive data searches for credit card or Social Security numbers and e-mail addresses in data."); ?>
+ <br/>
<span class="red"><strong><?php echo gettext("Note: "); ?></strong></span><?php echo gettext("To enable this preprocessor, you must select the Snort VRT rules on the Global Settings tab."); ?>
</td>
</tr>
@@ -613,36 +1114,39 @@ h += 96;
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> <?php echo gettext("Modbus Detection"); ?></td>
<td width="78%" class="vtable">
<input name="modbus_preproc" type="checkbox" value="on"
- <?php if ($pconfig['modbus_preproc']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- <?php echo gettext("Modbus is a protocol used in SCADA networks. The default port is TCP 502. If your network does " .
- "not contain Modbus-enabled devices, you should leave this preprocessor disabled."); ?>
+ <?php if ($pconfig['modbus_preproc']=="on") echo "checked"; ?>>
+ <?php echo gettext("Modbus is a protocol used in SCADA networks. The default port is TCP 502.") . "<br/>" .
+ gettext("If your network does not contain Modbus-enabled devices, you should leave this preprocessor disabled."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> <?php echo gettext("DNP3 Detection"); ?></td>
<td width="78%" class="vtable">
<input name="dnp3_preproc" type="checkbox" value="on"
- <?php if ($pconfig['dnp3_preproc']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- <?php echo gettext("DNP3 is a protocol used in SCADA networks. The default port is TCP 20000. If your network does " .
- "not contain DNP3-enabled devices, you should leave this preprocessor disabled."); ?>
+ <?php if ($pconfig['dnp3_preproc']=="on") echo "checked"; ?>>
+ <?php echo gettext("DNP3 is a protocol used in SCADA networks. The default port is TCP 20000.") . "<br/>" .
+ gettext("If your network does not contain DNP3-enabled devices, you should leave this preprocessor disabled."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <input name="id" type="hidden" value="<?=$id;?>"></td>
+ <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ gettext("Save preprocessor settings"); ?>"/>
+ <input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
+ <input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
+ gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" .
+ gettext("WARNING: This will reset ALL preprocessor settings to their defaults. Click OK to continue or CANCEL to quit.") .
+ "')\""; ?>/></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span>
- <br>
- <?php echo gettext("Please save your settings before you click Start. Preprocessor changes will rebuild the rules file. "); ?>
- </br><?php echo gettext("This may take several seconds. Snort must also be restarted to activate any changes made on this screen."); ?></td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: "); ?></strong></span>
+ <?php echo gettext("Please save your settings before you exit. Preprocessor changes will rebuild the rules file. This "); ?>
+ </br><?php echo gettext("may take several seconds. Snort must also be restarted to activate any changes made on this screen."); ?></td>
</tr>
</table>
+</div>
</td></tr></table>
</form>
<script type="text/javascript">
@@ -678,6 +1182,119 @@ function createAutoSuggest() {
setTimeout("createAutoSuggest();", 500);
+function frag3_enable_change() {
+ if (!document.iform.frag3_detection.checked) {
+ var msg = "WARNING: Disabling the Frag3 preprocessor is not recommended!\n\n";
+ msg = msg + "Snort may fail to start because of other dependent preprocessors or ";
+ msg = msg + "rule options. Are you sure you want to disable it?\n\n";
+ msg = msg + "Click OK to disable Frag3, or CANCEL to quit.";
+ if (!confirm(msg)) {
+ document.iform.frag3_detection.checked=true;
+ }
+ }
+ var endis = !(document.iform.frag3_detection.checked);
+ document.iform.frag3_overlap_limit.disabled=endis;
+ document.iform.frag3_min_frag_len.disabled=endis;
+ document.iform.frag3_policy.disabled=endis;
+ document.iform.frag3_max_frags.disabled=endis;
+ document.iform.frag3_memcap.disabled=endis;
+ document.iform.frag3_timeout.disabled=endis;
+}
+
+function http_inspect_enable_change() {
+ var endis = !(document.iform.http_inspect.checked);
+ document.iform.http_inspect_enable_xff.disabled=endis;
+ document.iform.server_flow_depth.disabled=endis;
+ document.iform.client_flow_depth.disabled=endis;
+ document.iform.http_server_profile.disabled=endis;
+ document.iform.http_inspect_memcap.disabled=endis;
+ document.iform.http_inspect_log_uri.disabled=endis;
+ document.iform.http_inspect_log_hostname.disabled=endis;
+}
+
+function sf_portscan_enable_change() {
+ var endis = !(document.iform.sf_portscan.checked);
+ document.iform.pscan_protocol.disabled=endis;
+ document.iform.pscan_type.disabled=endis;
+ document.iform.pscan_memcap.disabled=endis;
+ document.iform.pscan_sense_level.disabled=endis;
+ document.iform.pscan_ignore_scanners.disabled=endis;
+}
+
+function stream5_enable_change() {
+ if (!document.iform.stream5_reassembly.checked) {
+ var msg = "WARNING: Stream5 is a critical preprocessor, and disabling it is not recommended! ";
+ msg = msg + "The following preprocessors require Stream5 and will be automatically disabled if currently enabled:\n\n";
+ msg = msg + " SMTP\t\tPOP\t\tSIP\n";
+ msg = msg + " SENSITIVE_DATA\tSF_PORTSCAN\tDCE/RPC 2\n";
+ msg = msg + " IMAP\t\tDNS\t\tSSL\n";
+ msg = msg + " GTP\t\tDNP3\t\tMODBUS\n\n";
+ msg = msg + "Snort may fail to start because of other preprocessors or rule options dependent on Stream5. ";
+ msg = msg + "Are you sure you want to disable it?\n\n";
+ msg = msg + "Click OK to disable Stream5, or CANCEL to quit.";
+ if (!confirm(msg)) {
+ document.iform.stream5_reassembly.checked=true;
+ }
+ else {
+ alert("If Snort fails to start with Stream5 disabled, examine the system log for clues.");
+ document.iform.smtp_preprocessor.checked=false;
+ document.iform.dce_rpc_2.checked=false;
+ document.iform.sip_preproc.checked=false;
+ document.iform.sensitive_data.checked=false;
+ document.iform.imap_preproc.checked=false;
+ document.iform.pop_preproc.checked=false;
+ document.iform.ssl_preproc.checked=false;
+ document.iform.dns_preprocessor.checked=false;
+ document.iform.modbus_preproc.checked=false;
+ document.iform.dnp3_preproc.checked=false;
+ document.iform.sf_portscan.checked=false;
+ sf_portscan_enable_change();
+ }
+ }
+
+ var endis = !(document.iform.stream5_reassembly.checked);
+ document.iform.max_queued_bytes.disabled=endis;
+ document.iform.max_queued_segs.disabled=endis;
+ document.iform.stream5_mem_cap.disabled=endis;
+ document.iform.stream5_policy.disabled=endis;
+ document.iform.stream5_overlap_limit.disabled=endis;
+ document.iform.stream5_no_reassemble_async.disabled=endis;
+ document.iform.stream5_dont_store_lg_pkts.disabled=endis;
+ document.iform.stream5_tcp_timeout.disabled=endis;
+ document.iform.stream5_udp_timeout.disabled=endis;
+ document.iform.stream5_icmp_timeout.disabled=endis;
+}
+
+function enable_change_all() {
+ http_inspect_enable_change();
+ sf_portscan_enable_change();
+
+ // Enable/Disable Frag3 settings
+ var endis = !(document.iform.frag3_detection.checked);
+ document.iform.frag3_overlap_limit.disabled=endis;
+ document.iform.frag3_min_frag_len.disabled=endis;
+ document.iform.frag3_policy.disabled=endis;
+ document.iform.frag3_max_frags.disabled=endis;
+ document.iform.frag3_memcap.disabled=endis;
+ document.iform.frag3_timeout.disabled=endis;
+
+ // Enable/Disable Stream5 settings
+ endis = !(document.iform.stream5_reassembly.checked);
+ document.iform.max_queued_bytes.disabled=endis;
+ document.iform.max_queued_segs.disabled=endis;
+ document.iform.stream5_mem_cap.disabled=endis;
+ document.iform.stream5_policy.disabled=endis;
+ document.iform.stream5_overlap_limit.disabled=endis;
+ document.iform.stream5_no_reassemble_async.disabled=endis;
+ document.iform.stream5_dont_store_lg_pkts.disabled=endis;
+ document.iform.stream5_tcp_timeout.disabled=endis;
+ document.iform.stream5_udp_timeout.disabled=endis;
+ document.iform.stream5_icmp_timeout.disabled=endis;
+}
+
+// Set initial state of form controls
+enable_change_all();
+
</script>
<?php include("fend.inc"); ?>
</body>